[AusNOG] Data Retention - are you kidding me??

Robert Hudson hudrob at gmail.com
Wed Nov 16 16:22:54 EST 2016


My understanding of the term "officer" in this context comes from "office
bearer" (ie an individual granted authority to act on behalf of an
organisation) rather than the the rank which is held by said individual.

When someone comes along and claims to be authorised, I suspect you'd want
to be asking for the letter from the commissioner authorising them to act
on behalf of the AFP in that particular matter.

IANAL, nor do I play one on television.  This not legal advice.

:)

Regards,

Robert

On 16 November 2016 at 16:00, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> There is no precedent. The access to data is governed under the
> TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979
>
>
> S  5AB provides that:
>
> (1A)  The Commissioner of Police may authorise, in writing, a senior
> executive AFP employee who is a member of the Australian Federal Police to
> be an authorised officer.
>
>
> Firstly, a senior constable is not an officer. They're an NCO. Secondly,
> ask the CAC for a copy of their authorisation, as provided under:
>
>
> (2)  A copy of an authorisation must be given to the Communications Access
> Coordinator:
>
>
> I am not a lawyer. This is not expert opinion.
>
>
> Kind regards
>
>
> Paul Wilkins
>
> On 16 November 2016 at 15:13, Ross Wheeler <ausnog at rossw.net> wrote:
>
>>
>> Had a call a short while back... I think I've got the details right, but
>> I sure hope I've got something wrong....
>>
>>
>> ISP had a senior constable come in with a request for data.
>> Request had been signed by said senior constable.
>>
>> As I understand the (meta)data retention legislation, a request has to be
>> signed by a senior officer (commissioner or thereabouts), or a minister etc.
>>
>> I suggested to the ISP that I thought the request was not valid but to
>> check it with the CAC. Had a call back a while later that basically the
>> ACMA said to honour the request, and that if there was a problem "it would
>> be caught in the audit later".
>>
>> This scares the pants off me.... if we're being told to just give the
>> data out to low-level shitkickers with no senior level oversight or
>> control, there's going to be no end of vexatious queries, fishing
>> expeditions and trivial requests. Who's going to get banged up if we
>> disclose private information that turns out (later) to have been given
>> incorrectly? How will the damage to affected person(s) be undone?
>>
>> A highly, HIGHLY dangerous precedent. (This was a smaller non-metro ISP
>> in a fairly out-of-the-way part of the world, perhaps for the very reason
>> that if it blows up in their face they can hide it more effectively than if
>> it was a large, highly visible isp).
>>
>> R.
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161116/f327f2d8/attachment.html>


More information about the AusNOG mailing list